Hi Tyler,

Since I'm in a similar situation with AD but still learning, just general experience with other applications from the *nix world authenticating against AD:

2013/1/9 John Dennis <jden...@redhat.com>:
> On 01/09/2013 02:00 PM, Tyler Brady wrote:
>>
>> Can someone give more details on setting up LDAP groups? So far I have
>> attempted to modify the users file and the ldap module. I can't seem to get
>> the ldap module configured properly, but I'm sure that's just one of many
>> issues.
>>
>> ldap {
>>         #
>>         # Note that this needs to match the name in the LDAP
>>         # server certificate, if you're using ldaps.
>>         server = "ldap.your.domain"
>>         #identity = "cn=admin,o=My Org,c=UA"
>>         #password = mypass
>>         basedn = "o=My Org,c=UA"
>>         filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>>         #base_filter = "(objectclass=radiusprofile)"
>>
>> cn = username (is this correct)
>> o= domain (is this correct)
>> c= ? (what does this field mean)

Your AD admin (you?) needs to create a basic user account - no domain admin needed - who can read the parts of your AD/LDAP tree, as John said. (We maintain a couple of srv-* accounts here to quickly distinguish between real user accounts.)

You'll need the value of the distinguishedName attribute on AD. Your admin can give you this value, but it's hidden by default in the GUI.*

For "server=" (don't know if recommended for FR too): You could point to your.domainname, as this is a DNS record maintained by your AD-integrated nameservers, which will point to all addresses of your current DCs.

BaseDN - yeah, look up a little what it is; it's the base your FR will start looking up inside the LDAP tree.

Regards
Mathieu

* http://www.sharepointboost.com/blog/how-to-find-attributes-of-objects-in-active-directory/
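
An added example, not part of the original thread and not FreeRADIUS code: a small Python helper that splits a distinguished name into its typed components (the cn/o/c fields asked about above), derives the usual AD base DN from a DNS domain, and checks whether an account's DN lies under a given basedn. The domain corp.example.com and the sample account DNs are constructed for illustration.

```python
# Added illustration, not FreeRADIUS code. Sample DNs are constructed.
ATTR_NAMES = {  # attribute type abbreviations (RFC 4519)
    "CN": "commonName", "OU": "organizationalUnitName", "O": "organizationName",
    "C": "countryName", "DC": "domainComponent", "UID": "userId",
}

def split_dn(dn):
    """Split a DN into (TYPE, value) pairs, honouring backslash escapes (RFC 4514).
    Multi-valued RDNs ("+") and quoted values are not handled."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep "\," etc. as part of the value
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def describe(dn):
    """Spell out each component, e.g. 'C (countryName) = UA'."""
    return ["%s (%s) = %s" % (a, ATTR_NAMES.get(a, "unknown type"), v)
            for a, v in split_dn(dn)]

def basedn_from_domain(domain):
    """AD convention: DNS domain corp.example.com -> dc=corp,dc=example,dc=com."""
    labels = [l for l in domain.strip().strip(".").split(".") if l]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + l for l in labels)

def is_under(dn, basedn):
    """True if dn is at or below basedn, i.e. a search from basedn can reach it."""
    d = [(a, v.lower()) for a, v in split_dn(dn)]
    b = [(a, v.lower()) for a, v in split_dn(basedn)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

if __name__ == "__main__":
    for line in describe("cn=admin,o=My Org,c=UA"):  # DN from the quoted config
        print(line)
```

Running `is_under()` on the service account's distinguishedName and on a test user's DN against the intended basedn shows quickly whether a lookup from that base can find them at all.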